
Hacking

having fun with sh, perl, and python scripts

budi rahardjo @rahard

hacking

Hacking is the gaining of access (wanted or unwanted) to a computer and viewing, copying, or creating data (leaving a trace) without the intention of destroying data or maliciously harming the computer.

This represents the Good Guys most of the time, for they are the ones who search for these exploits to prevent crackers, who use a method called cracking (the opposite of hacking).

Hacking and hackers are commonly mistaken to be the bad guys most of the time. Crackers are the ones who screw things over as far as creating viruses, cracks, spyware, and destroying data.

hack·er

(hăkʹər)

n. informal

1.

a. One who is proficient at using or programming a computer; a computer buff

b. One who uses programming skills to gain illegal access to a computer network or file.

2. One who demonstrates poor or mediocre ability, especially in a sport: a weekend tennis hacker.

Word History: Computer programmers started using the word hacker in the 1960s as a positive term for a person of skillful programming ability. The usage probably derives from hack meaning "to chop," or from hacker, "an amateurish player, as at golf." As time went on, hacker became less positive, however. Already in the 1960s, engineering students at such universities as Cal Tech used the related noun hack to mean "an ingenious prank." Among the pranks that some computer programmers would engage in, of course, were break-ins into other computer systems. As such break-ins attracted national attention, the media seized upon the word hacker as the label for the perpetrators, a usage that many programmers object to because they know it used to be a term of praise.

sh, bash,

SHELL SCRIPT

the history of sh

What is “shell”?

The history of UNIX

UNIX vs. *nix-like (*BSD, Minix, Linux, Hurd, …)

sh, csh, ksh, bash, tcsh, zsh, …

Shell programming

Orchestrating UNIX tools/utilities (which are good at doing their stuff)

Web-site/HTML (pre)processor

How to create a static web site (for the paranoids)?

Lots of pages/files

Need consistent look and feel/UI

Modify “theme” when needed

(Offline CMS)

Dissecting a web page

HEAD (before title)

TITLE

HEAD (after title)

BODY (navigation bar)

Content

BODY (end)

Core Javascript

process.sh

#! /bin/bash
# Assemble one page: shared template parts plus the page's own title and content.

cwd="/Users/Budi/Public/budi-insan2/src"
template="/Users/Budi/Public/budi-insan2/src"
output="/Users/Budi/Public/budi-insan2/out"

# Page name without extension, e.g. "index"
filename=$1
outfile=$output/$filename.html

echo "$outfile"
cat "$template/1-head-before-title.html" > "$outfile"
cat "$cwd/$filename.title" >> "$outfile"
cat "$template/2-head-after-title.html" >> "$outfile"
cat "$template/3-body-nav-bar.html" >> "$outfile"
cat "$cwd/$filename.txt" >> "$outfile"
cat "$template/4-body-end.html" >> "$outfile"
cat "$template/5-core-javascript.html" >> "$outfile"

Source directory

$ ls

1-head-before-title.html

2-head-after-title.html

3-body-nav-bar.html

4-body-end.html

5-core-javascript.html

about.title

about.txt

academics.title

academics.txt

articles.title

articles.txt

index.title

index.txt

makalah-security.title

makalah-security.txt

new.title

new.txt

personal.title

personal.txt

struktur.txt

students.title

students.txt

template.html

$ cat run.sh
#! /bin/bash

./process.sh index
./process.sh about
./process.sh academics
./process.sh articles
./process.sh new
./process.sh personal
./process.sh students
./process.sh makalah-security

PERL

18-Feb-2016


BR - hacking (2016)


What is perl?

Combination of sh, unix utilities, basic, C, … (kitchen sink)

Available for all kinds of platforms

I was the maintainer for the DOS port of perl

I had to use perl at that time because I had multiple platforms (various UNIXes; SunOS, AIX, HPUX, [Linux was not even born], and DOS at home)

Only “C” and “Perl” were available


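topic-generator.pl

#! /usr/bin/perl
# Print one randomly chosen topic from topics.txt.
# Topics are separated by lines that start with "--".
use strict;
use warnings;

my $topicDB = 'topics.txt';
open(my $DB, '<', $topicDB) or die "$topicDB: $!";

my $count = 0;
my %topic;
while (<$DB>) {
    if (/^--/) { $count++; }              # separator: start the next topic
    else       { $topic{$count} .= $_; }  # append the line to the current topic
}
close($DB);

# Choose among the topics that actually contain text, so the last one is not skipped.
my @ids = sort { $a <=> $b } keys %topic;
die "no topics in $topicDB\n" unless @ids;
my $luckyone = $ids[ int(rand(@ids)) ];
print $topic{$luckyone};
exit;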

More perl scripts

Twitter crawler

Twitter analysis

Session hog (create multiple connections to internet services, DoS attack)

Mailbomb

Perl poetry

… [too many]


PYTHON


(Hologram) Client-Server App

An application to determine user’s character (by asking questions) and display the imaginary character of the person

“Character” is displayed as hologram (video)

Server:

wait for command to display a particular video

Client:

ask user (questionnaire), send result to server

Server

[see source code. A bit too long if pasted here.]

Basically, it’s a telnet-based server

Wait for a (telnet) connection in a certain port and respond to the commands

Commands

“play videoname.mp4” (play that video)

“kill” (kill the previous play)

“quit” (exit the telnet server)
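
The command handling described above, as an added example (not the author's server, whose source is not reproduced on the slides). Because text received over the connection decides which file is played, the sketch accepts only the three commands, restricts the video name to a plain `.mp4` file name inside one directory, and starts the player from an argument list rather than a shell. The player command `mpv`, the `OK`/`ERR`/`BYE` replies and the names `parse_command` and `VideoServer` are assumptions.

```python
import re
import subprocess
from pathlib import Path

PLAYER = ["mpv"]  # assumption: the slides do not say which player the server starts
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.mp4")  # no path separators

def parse_command(line):
    """Map one received line to (action, argument) or raise ValueError."""
    parts = line.strip().split(" ")
    if parts in (["kill"], ["quit"]):
        return parts[0], None
    if len(parts) == 2 and parts[0] == "play" and NAME_RE.fullmatch(parts[1]):
        return "play", parts[1]
    raise ValueError("unknown or malformed command")

class VideoServer:
    """Command handling only; the socket loop of the real server is not shown."""

    def __init__(self, video_dir, spawn=subprocess.Popen):
        self.video_dir = Path(video_dir)
        self.spawn = spawn  # injectable, so the logic can be exercised without a player
        self.proc = None

    def stop(self):
        # End the clip that is currently playing, if any.
        if self.proc is not None and self.proc.poll() is None:
            self.proc.terminate()
        self.proc = None

    def handle(self, line):
        try:
            action, name = parse_command(line)
        except ValueError:
            return "ERR"
        if action == "play":
            path = self.video_dir / name
            if not path.is_file():  # only clips that exist in the video directory
                return "ERR"
            self.stop()  # one clip at a time
            self.proc = self.spawn(PLAYER + [str(path)])  # argument list, no shell
            return "OK"
        self.stop()  # both "kill" and "quit" end the current clip
        return "BYE" if action == "quit" else "OK"
```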

Client

[see source code – on screen. Too long if typed here.]

Ask user based on questions in “questions.txt” file

Display the questions using Tkinter

Based on user selection, calculate the point.

Based on this point, select the appropriate video

Telnet to the server with command “play videoname.mp4”

When done, send “quit” command

Back into the loop

Future Applications

Interactive video (advertising) display

Interactive games

Server can run in a cheap single board computer (attached to a TV screen)

Too many …

Concluding Remarks

Hacking is fun. (No cracking please)